
New to HiJackThis-Trojans, Virus and Stuff

ritz

Posted 28 November 2004 - 03:02 PM


Hello new to this site and read the posts and don't totally understand what I'm doing but want to learn. Had a couple of trojans infect my machine and have gotten into areas that I have no clue on how to get rid of them. I regularly run AVG and have for over a year. Downloaded Lavasoft Adaware and performed scan. Deleted all items it identified. AVG identified two virus/trojans but was only able to delete/quarantine 1. The file in "Commonfiles/TSA/TSL.exe" could not. I seem to note that Adaware listed it and I did check all the boxes there for deletion. I wasn't too sure just what I'm doing with HiJackThis and downloaded it from the site here but it would not let me save the file so that I could open it. I had to "run" it directly and it saved it to my windows temp file but I did a scan and have the log. Ok you have my attention! Here is the log:


admin

Posted 28 November 2004 - 04:12 PM

Welcome to Geeks to Go ritz. Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

O2 - BHO: ohb - {F0C08B30-BA30-4FEB-924B-2E250CF0697D} - C:\WINDOWS\System32\gwss.dll
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://F:\content\include\XPPatchInstaller.CAB
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://F:\Content\include\msSecUcd.cab
O16 - DPF: {DAB941D8-BC94-4819-AB4D-5598C65FA3FE} (iiittt Class) - http://toolbar2.glob...om/v30/gwss.cab

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu). Be sure you're able to view hidden files, and remove the following files in bold (if found):

C:\WINDOWS\System32\gwss.dll
C:\PROGRAM FILES\COMMON FILES\tsa <- this folder

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and we'll remove what's left.
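
An added example, not part of the original posts: a small Python parser for the three HijackThis entry formats quoted in the reply above (O2, O4, O16). It separates the entries whose target is a file on the local disk from the O16 entries, whose target is the location a control was installed from, and shows that the `gwss` file name links the BHO DLL to the downloaded CAB. The function names are this example's own, and the elided URL is kept exactly as posted.

```python
import re
from ntpath import basename

# Entries copied from the reply above (the elided URL is left as posted).
LOG = r"""
O2 - BHO: ohb - {F0C08B30-BA30-4FEB-924B-2E250CF0697D} - C:\WINDOWS\System32\gwss.dll
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://F:\content\include\XPPatchInstaller.CAB
O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://F:\Content\include\msSecUcd.cab
O16 - DPF: {DAB941D8-BC94-4819-AB4D-5598C65FA3FE} (iiittt Class) - http://toolbar2.glob...om/v30/gwss.cab
"""

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# One pattern per section, applied to the text after the "Onn - " prefix.
PATTERNS = {
    "O2": re.compile(rf"BHO: (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<target>.+)"),
    "O4": re.compile(r"(?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<target>.+)"),
    "O16": re.compile(rf"DPF: (?P<clsid>{CLSID}) \((?P<name>[^)]*)\) - (?P<target>.+)"),
}

def parse(log):
    """Return one dict per recognised line; other sections and malformed lines are skipped."""
    entries = []
    for line in log.splitlines():
        section, sep, rest = line.strip().partition(" - ")
        pattern = PATTERNS.get(section)
        match = pattern.match(rest) if (sep and pattern) else None
        if match:
            entries.append({"section": section, **match.groupdict()})
    return entries

def local_files(entries):
    """Targets that name a file on the scanned machine's disk (O2 DLL, O4 command)."""
    return [e["target"] for e in entries if e["section"] in ("O2", "O4")]

def shared_stems(entries):
    """File-name stems that occur in more than one entry, e.g. a DLL and its CAB."""
    seen = {}
    for e in entries:
        name = basename(e["target"].replace("/", "\\"))
        seen.setdefault(name.rsplit(".", 1)[0].lower(), []).append(e["section"])
    return {stem: secs for stem, secs in seen.items() if len(secs) > 1}
```
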

ritz

Posted 28 November 2004 - 07:41 PM


Still can not get the file to save. I click the link on the page that you must read before posting and when I click the link, I get the box to download the program, tell it the folder I wish it to go but then when I click on it all it does is sit there. I can not get it to download unless I tell it to run the file. Then it downloads it to "My Downloads" but all I can do is run it, will not let me save it as that option box is shadowed so I have to run the program and it opens up in Temp. The file will not be there later so I can install to a permanent file location and I get the warning box telling me to save it as such. I can not do anything except run the scan, I try to save the logs but only get them in notepad and still can't save them so they are readable. But that is another problem. I performed the requested actions. When I went into safe mode to attempt to find the two files you directed me to remove they were not there. Rebooted system, rescan and the following log:

Note, during the process of trying to do this I was alerted by AVG Shield that I had another trojan called Dropper.Small.5.J. When I ran AVG it did not find it but told me about it as the alert went off and said to remove run AVG ... Anyway. Hopefully you guys can help me through this. Thanks!

admin

Posted 04 December 2004 - 12:31 PM

How do you prevent spyware from being installed again? We strongly recommend installing SpywareBlaster (it's free for personal use) Click Here.

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program like a missing file see the link at the bottom of the javacool page.

It's also very important to keep your system up to date to avoid unnecessary security risks. Click Here to make sure that you have the latest patches for Windows.

These next two steps are optional, but will provide the greatest protection.

1. Use ANY browser besides Internet Explorer, almost every exploit is crafted to take advantage of an IE weakness. We usually recommend FireFox.
2. Install Sun's Java. It's much more secure than Microsoft's Java Virtual Machine.

It's okay to delete the Hijack This folder if everything is working okay.

After doing all these, your system will be thoroughly protected from future threats.